CVE-2021-45105

🗓️ 18 Dec 2021 11:55:08Reported by apacheType

cve🔗 web.nvd.nist.gov📰️ 4 Media mentions👁 1162 Views🌐 WEB

Apache Log4j2 vulnerability (CVE-2021-45105

Reporter	Title	Published	Views	Family All 424
IBM Security Bulletins	Security Bulletin: Due to use of Apache Log4j, IBM Content Navigator is vulnerable to arbitrary code execution (CVE-2021-45046) and denial of service (CVE-2021-45105)	25 Feb 202223:22	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Requirements Management DOORS is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)	28 Jan 202216:56	–	ibm
IBM Security Bulletins	Security Bulletin: IBM i2 Analyze and IBM i2 Analyst's Notebook Premium are affected by Apache Log4j Vulnerabilities (CVE-2021-45105 and CVE-2021-45046)	31 Dec 202120:13	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Db2® Warehouse is vulnerable to denial of service and arbitrary code execution due to Apache Log4j (CVE-2021-45105 and CVE-2021-45046)	14 Jan 202221:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerability in Apache Log4j affects Content Collector for IBM Connections (CVE-2021-45105)	14 Jan 202213:16	–	ibm
IBM Security Bulletins	Security Bulletin: Apache Log4j vulnerability impacts IBM Sterling Partner Engagement Manager (CVE-2021-45105, CVE-2021-45046)	5 Jan 202208:04	–	ibm
IBM Security Bulletins	Security Bulletin: IBM® PureData System for Operational Analytics is vulnerable to arbitrary code execution, remote code execution and denial of service due to Apache Log4j (CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)	31 May 202216:21	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerablity in Apache Log4j may affect IBM Tivoli Monitoring (CVE-2021-4104)	30 Dec 202217:31	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Engineering Lifecycle Optimization - Publishing is vulnerable to arbitrary code execution due to Apache Log4j (CVE-2021-44832, CVE-2021-45046, ) and denial of service due to Apache Log4j (CVE-2021-45105)	13 Jan 202220:44	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Jazz for Service Management is vulnerable to a Apache Log4j vulnerabilities(CVE-2021-45105, CVE-2021-45046)	10 Jun 202216:52	–	ibm

NVD

Vulners

Node

apache log4jRange2.0–2.3.1

apache log4jRange2.4–2.12.3

apache log4jRange2.13.0–2.16.0

Node

netapp cloud_managerMatch-

Node

debian debian_linuxMatch10.0

debian debian_linuxMatch11.0

Node

sonicwall email_securityRange≤10.0.12

sonicwall network_security_managerRange2.0–3.0on-premises

sonicwall network_security_managerRange2.0–3.0saas

sonicwall web_application_firewallRange3.0.0–3.1.0

Node

sonicwall 6bk1602-0aa12-0tp0_firmwareRange<2.7.0

AND

sonicwall 6bk1602-0aa12-0tp0Match-

Node

sonicwall 6bk1602-0aa22-0tp0_firmwareRange<2.7.0

AND

sonicwall 6bk1602-0aa22-0tp0Match-

Node

sonicwall 6bk1602-0aa32-0tp0_firmwareRange<2.7.0

AND

sonicwall 6bk1602-0aa32-0tp0Match-

Node

sonicwall 6bk1602-0aa42-0tp0_firmwareRange<2.7.0

AND

sonicwall 6bk1602-0aa42-0tp0Match-

Node

sonicwall 6bk1602-0aa52-0tp0_firmwareRange<2.7.0

AND

sonicwall 6bk1602-0aa52-0tp0Match-

Node

oracle agile_engineering_data_managementMatch6.2.1.0

oracle agile_plmMatch9.3.6

oracle agile_plm_mcad_connectorMatch3.6

oracle autovue_for_agile_product_lifecycle_managementMatch21.0.2

oracle banking_deposits_and_lines_of_credit_servicingMatch2.12.0

oracle banking_enterprise_default_managementMatch2.7.1

oracle banking_enterprise_default_managementMatch2.12.0

oracle banking_loans_servicingMatch2.12.0

oracle banking_party_managementMatch2.7.0

oracle banking_paymentsMatch14.5

oracle banking_platformMatch2.6.2

oracle banking_platformMatch2.7.1

oracle banking_platformMatch2.12.0

oracle banking_trade_financeMatch14.5

oracle banking_treasury_managementMatch14.5

oracle business_intelligenceMatch5.5.0.0.0enterprise

oracle communications_asapMatch7.3

oracle communications_billing_and_revenue_managementMatch12.0.0.4

oracle communications_billing_and_revenue_managementMatch12.0.0.5

oracle communications_cloud_native_core_consoleMatch1.9.0

oracle communications_cloud_native_core_network_function_cloud_native_environmentMatch1.10.0

oracle communications_cloud_native_core_network_repository_functionMatch1.15.0

oracle communications_cloud_native_core_network_repository_functionMatch1.15.1

oracle communications_cloud_native_core_network_slice_selection_functionMatch1.8.0

oracle communications_cloud_native_core_policyMatch1.15.0

oracle communications_cloud_native_core_security_edge_protection_proxyMatch1.7.0

oracle communications_cloud_native_core_service_communication_proxyMatch1.15.0

oracle communications_cloud_native_core_unified_data_repositoryMatch1.15.0

oracle communications_convergenceMatch3.0.2.2.0

oracle communications_convergenceMatch3.0.3.0

oracle communications_convergent_charging_controllerRange12.0.1.0.0–12.0.4.0.0

oracle communications_convergent_charging_controllerMatch6.0.1.0.0

oracle communications_diameter_signaling_routerRange8.3.0.0–8.5.1.0

oracle communications_eagle_element_management_systemMatch46.6

oracle communications_eagle_ftp_table_base_retrievalMatch4.5

oracle communications_element_managerRange<9.0

oracle communications_evolved_communications_application_serverMatch7.1

oracle communications_interactive_session_recorderMatch6.3

oracle communications_interactive_session_recorderMatch6.4

oracle communications_ip_service_activatorMatch7.4.0

oracle communications_messaging_serverMatch8.1

oracle communications_network_charging_and_controlRange12.0.1.0.0–12.0.4.0.0

oracle communications_network_charging_and_controlMatch6.0.1.0.0

oracle communications_network_integrityMatch7.3.6

oracle communications_performance_intelligence_centerMatch10.4.0.3

oracle communications_pricing_design_centerMatch12.0.0.4

oracle communications_pricing_design_centerMatch12.0.0.5

oracle communications_service_brokerMatch6.2

oracle communications_services_gatekeeperMatch7.0

oracle communications_session_report_managerRange<9.0

oracle communications_session_route_managerRange<9.0

oracle communications_unified_inventory_managementMatch7.3.5

oracle communications_unified_inventory_managementMatch7.4.1

oracle communications_unified_inventory_managementMatch7.4.2

oracle communications_user_data_repositoryMatch12.4

oracle communications_webrtc_session_controllerMatch7.2.0.0

oracle communications_webrtc_session_controllerMatch7.2.1

oracle data_integratorMatch12.2.1.3.0

oracle data_integratorMatch12.2.1.4.0

oracle e-business_suiteMatch12.2

oracle enterprise_manager_base_platformMatch13.4.0.0

oracle enterprise_manager_base_platformMatch13.5.0.0

oracle enterprise_manager_for_peoplesoftMatch13.4.1.1

oracle enterprise_manager_for_peoplesoftMatch13.5.1.1

oracle enterprise_manager_ops_centerMatch12.4.0.0

oracle financial_services_analytical_applications_infrastructureRange8.0.7–8.1.1

oracle financial_services_model_management_and_governanceMatch8.0.8.0.0

oracle financial_services_model_management_and_governanceMatch8.1.0.0.0

oracle financial_services_model_management_and_governanceMatch8.1.1.0.0

oracle flexcube_universal_bankingRange12.1.0–12.4

oracle flexcube_universal_bankingRange14.0.0–14.3.0

oracle flexcube_universal_bankingMatch11.83.3

oracle flexcube_universal_bankingMatch14.5

oracle health_sciences_empirica_signalMatch9.1.0.6

oracle health_sciences_empirica_signalMatch9.2.0.0

oracle health_sciences_informMatch6.2.1.1

oracle health_sciences_informMatch6.3.2.1

oracle health_sciences_informMatch7.0.0.0

oracle health_sciences_information_managerRange3.0.1–3.0.4

oracle healthcare_data_repositoryMatch8.1.1

oracle healthcare_foundationRange7.3.0.1–7.3.0.4

oracle healthcare_master_person_indexMatch5.0.1

oracle healthcare_translational_researchMatch4.1.0

oracle healthcare_translational_researchMatch4.1.1

oracle hospitality_suite8Match8.13.0

oracle hospitality_suite8Match8.14.0

oracle hospitality_token_proxy_serviceMatch19.2

oracle hyperion_bi+Range<11.2.8.0

oracle hyperion_data_relationship_managementRange<11.2.8.0

oracle hyperion_infrastructure_technologyRange<11.2.8.0

oracle hyperion_planningRange<11.2.8.0

oracle hyperion_profitability_and_cost_managementRange<11.2.8.0

oracle hyperion_tax_provisionRange<11.2.8.0

oracle identity_management_suiteMatch12.2.1.3.0

oracle identity_management_suiteMatch12.2.1.4.0

oracle identity_manager_connectorMatch9.1.0

oracle instantis_enterprisetrackMatch17.1

oracle instantis_enterprisetrackMatch17.2

oracle instantis_enterprisetrackMatch17.3

oracle insurance_data_gatewayMatch1.0.1

oracle insurance_insbridge_rating_and_underwritingRange5.4–5.6.0.0

oracle insurance_insbridge_rating_and_underwritingMatch5.2.0

oracle insurance_insbridge_rating_and_underwritingMatch5.6.1.0

oracle jdeveloperMatch12.2.1.4.0

oracle managed_file_transferMatch12.2.1.3.0

oracle managed_file_transferMatch12.2.1.4.0

oracle management_cloud_engineMatch1.5.0

oracle mysql_enterprise_monitorRange≤8.0.29

oracle payment_interfaceMatch19.1

oracle payment_interfaceMatch20.3

oracle peoplesoft_enterprise_peopletoolsMatch8.58

oracle peoplesoft_enterprise_peopletoolsMatch8.59

oracle primavera_gatewayRange17.12.0–17.12.11

oracle primavera_gatewayRange18.8.0–18.8.13

oracle primavera_gatewayRange19.12.0–19.12.12

oracle primavera_gatewayRange20.12.0–20.12.7

oracle primavera_gatewayMatch21.12.0

oracle primavera_p6_enterprise_project_portfolio_managementRange19.12.0.0–19.12.18.0

oracle primavera_p6_enterprise_project_portfolio_managementRange20.12.0.0–20.12.12.0

oracle primavera_p6_enterprise_project_portfolio_managementMatch21.12.0.0

oracle primavera_unifierMatch18.8

oracle primavera_unifierMatch19.12

oracle primavera_unifierMatch20.12

oracle primavera_unifierMatch21.12

oracle retail_back_officeMatch14.1

oracle retail_central_officeMatch14.1

oracle retail_customer_insightsMatch15.0.2

oracle retail_customer_insightsMatch16.0.2

oracle retail_data_extractor_for_merchandisingMatch15.0.2

oracle retail_data_extractor_for_merchandisingMatch16.0.2

oracle retail_eftlinkMatch16.0.3

oracle retail_eftlinkMatch17.0.2

oracle retail_eftlinkMatch18.0.1

oracle retail_eftlinkMatch19.0.1

oracle retail_eftlinkMatch20.0.1

oracle retail_eftlinkMatch21.0.0

oracle retail_financial_integrationRange16.0.1–16.0.3

oracle retail_financial_integrationMatch14.1.3.2

oracle retail_financial_integrationMatch15.0.3.1

oracle retail_financial_integrationMatch19.0.0

oracle retail_financial_integrationMatch19.0.1

oracle retail_integration_busRange16.0.1–16.0.3

oracle retail_integration_busRange19.0.0–19.0.1.0

oracle retail_integration_busMatch14.1.3

oracle retail_integration_busMatch14.1.3.2

oracle retail_integration_busMatch15.0.3.1

oracle retail_integration_busMatch19.0.0

oracle retail_integration_busMatch19.0.1

oracle retail_invoice_matchingMatch15.0.3

oracle retail_invoice_matchingMatch16.0.3

oracle retail_merchandising_systemMatch16.0.3

oracle retail_merchandising_systemMatch19.0.1

oracle retail_order_brokerMatch16.0

oracle retail_order_brokerMatch18.0

oracle retail_order_brokerMatch19.1

oracle retail_order_management_systemMatch19.5

oracle retail_point-of-serviceMatch14.1

oracle retail_predictive_application_serverMatch14.1.3.46

oracle retail_predictive_application_serverMatch15.0.3.115

oracle retail_predictive_application_serverMatch16.0.3.240

oracle retail_price_managementMatch13.2

oracle retail_price_managementMatch14.0.4

oracle retail_price_managementMatch14.1.3.0

oracle retail_price_managementMatch15.0.3.0

oracle retail_price_managementMatch16.0.3.0

oracle retail_returns_managementMatch14.1

oracle retail_service_backboneRange16.0.1–16.0.3

oracle retail_service_backboneMatch14.1.3

oracle retail_service_backboneMatch14.1.3.2

oracle retail_service_backboneMatch15.0.3.1

oracle retail_service_backboneMatch19.0.0

oracle retail_service_backboneMatch19.0.1

oracle retail_service_backboneMatch19.0.1.0

oracle retail_store_inventory_managementMatch14.0.4.13

oracle retail_store_inventory_managementMatch14.1.3.5

oracle retail_store_inventory_managementMatch14.1.3.14

oracle retail_store_inventory_managementMatch15.0.3.3

oracle retail_store_inventory_managementMatch15.0.3.8

oracle retail_store_inventory_managementMatch16.0.3.7

oracle siebel_ui_frameworkRange≤21.12

oracle sql_developerRange<21.4.2

oracle taleo_platformRange<22.1

oracle utilities_frameworkRange4.3.0.1.0–4.3.0.6.0

oracle utilities_frameworkMatch4.4.0.0.0

oracle utilities_frameworkMatch4.4.0.2.0

oracle utilities_frameworkMatch4.4.0.3.0

oracle webcenter_portalMatch12.2.1.3.0

oracle webcenter_portalMatch12.2.1.4.0

oracle webcenter_sitesMatch12.2.1.3.0

oracle webcenter_sitesMatch12.2.1.4.0

oracle weblogic_serverMatch12.2.1.3.0

oracle weblogic_serverMatch12.2.1.4.0

oracle weblogic_serverMatch14.1.1.0.0

[
  {
    "product": "Apache Log4j2",
    "vendor": "Apache Software Foundation",
    "versions": [
      {
        "changes": [
          {
            "at": "2.13.0",
            "status": "affected"
          },
          {
            "at": "2.12.3",
            "status": "unaffected"
          },
          {
            "at": "2.4",
            "status": "affected"
          },
          {
            "at": "2.3.1",
            "status": "unaffected"
          },
          {
            "at": "2.0-alpha1",
            "status": "affected"
          }
        ],
        "lessThan": "2.17.0",
        "status": "affected",
        "version": "log4j-core",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
kb	www.kb.cert.org/vuls/id/930724
psirt	www.psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0032
security	www.security.netapp.com/advisory/ntap-20211218-0001/
oracle	www.oracle.com/security-alerts/cpujan2022.html
oracle	www.oracle.com/security-alerts/cpujul2022.html
openwall	www.openwall.com/lists/oss-security/2021/12/19/1
oracle	www.oracle.com/security-alerts/cpuapr2022.html
tools	www.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-log4j-qRuKNEbd
cert-portal	www.cert-portal.siemens.com/productcert/pdf/ssa-501673.pdf
debian	www.debian.org/security/2021/dsa-5024